The Angeet ES3 KVM is vulnerable to an OS command injection attack due to improper sanitization of user-supplied variables in the 'cfg.lua' script. An authenticated attacker can exploit this vulnerability to execute OS-level commands. The vulnerability has a CVSS score of 9.1 and is classified as CRITICAL. The CVE was published on March 17, 2026, and last modified on March 24, 2026. The vendor, Unknown Ve [truncated]
The CVE-2026-32297 vulnerability allows a remote, unauthenticated attacker to write arbitrary files on Angeet ES3 KVM devices, including configuration files and system binaries. This could enable an attacker to gain complete control of a vulnerable system. The vulnerability has a CVSS score of 7.5 and is classified as HIGH severity. The CVE was published on March 17, 2026, and last modified on March 24, 2 [truncated]
